Re: [Resteasy-users] Oauth2 with RestEasy behind an AWS Load Balancer
Hi Weinan,

The AWS load balancer sends an X-Forwarded-Proto header to the Jboss server in the backend, which Jboss is able to use if I add this valve and option to my jboss-web.xml:

    <valve>
        <class-name>org.apache.catalina.valves.RemoteIpValve</class-name>
        <param>
            <param-name>protocolHeader</param-name>
            <param-value>x-forwarded-proto</param-value>
        </param>
    </valve>

This allows Jboss to handle the original https request, and Resteasy to proceed with proper authorization. Thanks for the help!

The only issue I see now is that the Bearer token that I get back by using client credentials and BASIC auth does not expire when I set it to - even if I set it to 1 minute in the RestEasy settings. It is still allowed after it should have timed out. Is there another way that I should be setting or enforcing the token timeout?

Thanks,
James

On Sat, Jan 25, 2014 at 6:07 AM, Weinan Li l.wei...@gmail.com wrote:

> Hi James,
>
> Sorry I’m not familiar with AWS load balancer. I know that mod_jk supports passing client SSL information to backend JBoss server and the application in JBoss server could use the information to do their work. And mod_jk is using standard AJPv13 protocol to forward the client SSL information to backend JBoss servers. If AWS load balancer supports AJPv13 protocol, it should also be able to pass the SSL information to JBoss.
>
> --
> Weinan Li
>
> On Saturday, January 25, 2014 at 6:55 AM, james truty wrote:
>
>> I am trying to use RestEasy in Jboss as a central auth server to authenticate REST calls behind an AWS load balancer. Ideally, this load balancer would communicate to the Jboss server over HTTP (not https) as the SSL part is handled at the load balancer level before hitting the auth server in the backend. In this case, the Jboss server has no knowledge of the SSL Cert or the HTTPS request.
>>
>> Is it possible to use RestEasy for auth in this scenario? Without the SSL connector configured through JBoss, I don't have access to the necessary OAUTH urls.
>>
>> Thanks,
>> James

___
Resteasy-users mailing list
Resteasy-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/resteasy-users

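
Added example, not part of the original thread and not RemoteIpValve's own code: a simplified model of the decision a backend has to make before honouring X-Forwarded-Proto, which is to accept the header only when the TCP peer is a known proxy. The subnet 10.0.0.0/24, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed deployment values (not from the thread): the subnet the load
# balancer's nodes connect from, and the header name from the valve config.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("10.0.0.0/24")]
PROTOCOL_HEADER = "x-forwarded-proto"


def peer_is_trusted(remote_addr, trusted_nets=TRUSTED_PROXY_NETS):
    """True only if the socket peer is one of the known proxy addresses."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False
    return any(addr in net for net in trusted_nets)


def effective_scheme(remote_addr, headers, connector_scheme="http"):
    """Return (scheme, secure) as the application should see the request.

    remote_addr is the socket peer, headers a dict of request headers,
    connector_scheme what the backend connector itself observed.
    """
    # Header names are case-insensitive on the wire.
    lowered = {k.lower(): v for k, v in headers.items()}
    forwarded = lowered.get(PROTOCOL_HEADER)
    # A forwarded header from an unknown peer is client-controlled: ignore it.
    if forwarded is None or not peer_is_trusted(remote_addr):
        return connector_scheme, connector_scheme == "https"
    # Only an exact single value of "https" counts as a secure request.
    if forwarded.strip().lower() == "https":
        return "https", True
    return "http", False


# Constructed sample requests: (peer address, headers).
SAMPLES = [
    ("10.0.0.17", {"X-Forwarded-Proto": "https"}),    # via proxy, TLS at the edge
    ("10.0.0.17", {"X-Forwarded-Proto": "http"}),     # via proxy, plain HTTP
    ("203.0.113.9", {"X-Forwarded-Proto": "https"}),  # direct peer, header not trusted
    ("10.0.0.17", {}),                                # no header, e.g. a health check
]


def classify_samples():
    return [effective_scheme(addr, hdrs) for addr, hdrs in SAMPLES]


if __name__ == "__main__":
    for (addr, hdrs), result in zip(SAMPLES, classify_samples()):
        print(addr, hdrs, "->", result)
```

The same effect at the network layer comes from allowing inbound connections to the backend's HTTP port only from the load balancer.
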
Re: [Resteasy-users] Oauth2 with RestEasy behind an AWS Load Balancer
Hi James,

Glad the header problem is solved :-)

For Bearer token, sorry I’m not familiar with it, but if it uses cookies to store authentication information, you can try to check your browser to see if the ‘Expires’ field of the cookie is set correctly or not. For example, if you are using Firefox, you can follow this instruction[1] to check the cookies.

If the expiration is controlled in server side, then you can try to find the data that controls the expiration behaviour to see whether it is set correctly or not.

Hope the information is useful to you :-)

[1] http://support.mozilla.org/en-US/questions/689713

--
Weinan Li

On Monday, January 27, 2014 at 4:24 AM, james truty wrote:

> Hi Weinan,
>
> The AWS load balancer sends an X-Forwarded-Proto header to the Jboss server in the backend, which Jboss is able to use if I add this valve and option to my jboss-web.xml:
>
>     <valve>
>         <class-name>org.apache.catalina.valves.RemoteIpValve</class-name>
>         <param>
>             <param-name>protocolHeader</param-name>
>             <param-value>x-forwarded-proto</param-value>
>         </param>
>     </valve>
>
> This allows Jboss to handle the original https request, and Resteasy to proceed with proper authorization. Thanks for the help!
>
> The only issue I see now is that the Bearer token that I get back by using client credentials and BASIC auth does not expire when I set it to - even if I set it to 1 minute in the RestEasy settings. It is still allowed after it should have timed out. Is there another way that I should be setting or enforcing the token timeout?
>
> Thanks,
> James
>
> On Sat, Jan 25, 2014 at 6:07 AM, Weinan Li l.wei...@gmail.com wrote:
>
>> Hi James,
>>
>> Sorry I’m not familiar with AWS load balancer. I know that mod_jk supports passing client SSL information to backend JBoss server and the application in JBoss server could use the information to do their work. And mod_jk is using standard AJPv13 protocol to forward the client SSL information to backend JBoss servers. If AWS load balancer supports AJPv13 protocol, it should also be able to pass the SSL information to JBoss.
>>
>> --
>> Weinan Li
>>
>> On Saturday, January 25, 2014 at 6:55 AM, james truty wrote:
>>
>>> I am trying to use RestEasy in Jboss as a central auth server to authenticate REST calls behind an AWS load balancer. Ideally, this load balancer would communicate to the Jboss server over HTTP (not https) as the SSL part is handled at the load balancer level before hitting the auth server in the backend. In this case, the Jboss server has no knowledge of the SSL Cert or the HTTPS request.
>>>
>>> Is it possible to use RestEasy for auth in this scenario? Without the SSL connector configured through JBoss, I don't have access to the necessary OAUTH urls.
>>>
>>> Thanks,
>>> James

Re: [Resteasy-users] Oauth2 with RestEasy behind an AWS Load Balancer
Hi James,

Sorry I’m not familiar with AWS load balancer. I know that mod_jk supports passing client SSL information to backend JBoss server and the application in JBoss server could use the information to do their work. And mod_jk is using standard AJPv13 protocol to forward the client SSL information to backend JBoss servers. If AWS load balancer supports AJPv13 protocol, it should also be able to pass the SSL information to JBoss.

--
Weinan Li

On Saturday, January 25, 2014 at 6:55 AM, james truty wrote:

> I am trying to use RestEasy in Jboss as a central auth server to authenticate REST calls behind an AWS load balancer. Ideally, this load balancer would communicate to the Jboss server over HTTP (not https) as the SSL part is handled at the load balancer level before hitting the auth server in the backend. In this case, the Jboss server has no knowledge of the SSL Cert or the HTTPS request.
>
> Is it possible to use RestEasy for auth in this scenario? Without the SSL connector configured through JBoss, I don't have access to the necessary OAUTH urls.
>
> Thanks,
> James

[Resteasy-users] Oauth2 with RestEasy behind an AWS Load Balancer
I am trying to use RestEasy in Jboss as a central auth server to authenticate REST calls behind an AWS load balancer. Ideally, this load balancer would communicate to the Jboss server over HTTP (not https) as the SSL part is handled at the load balancer level before hitting the auth server in the backend. In this case, the Jboss server has no knowledge of the SSL Cert or the HTTPS request.

Is it possible to use RestEasy for auth in this scenario? Without the SSL connector configured through JBoss, I don't have access to the necessary OAUTH urls.

Thanks,
James